Wednesday, February 22, 2012

Man-in-the-Browser Attack

The idea behind a Man-in-the-Browser attack is similar to the traditional Man-in-the-Middle (MITM) attack, where a malicious third party sits between the client and the server and intercepts the traffic. It can be more dangerous, however, because of where the malware sits: inside the victim's system, running as what looks like a legitimate process. That position gives the malware access to the application-layer abstractions far more easily than a network-level MITM, and it is how trojans such as Zeus manipulate online banking sessions and perform unauthorized transactions.

Friday, February 3, 2012

Learning Web App. Penetration Test

I was browsing some security blogs, and I saw this great post introducing a set of vulnerable web applications available for learning purposes. I am familiar with the OWASP Broken Web Apps collection, and the following table from securitythoughts will help to select the next candidates to test.

S.No.  Vulnerable Application                          Platform
1      SPI Dynamics (live)                             ASP
2      Cenzic (live)                                   PHP
3      Watchfire (live)                                ASPX
4      Acunetix 1 (live)                               PHP
5      Acunetix 2 (live)                               ASP
6      Acunetix 3 (live)                               ASP.Net
7      PCTechtips Challenge (live)
8      Damn Vulnerable Web Application                 PHP/MySQL
9      Mutillidae                                      PHP
10     The Butterfly Security Project                  PHP
11     Hacme Casino                                    Ruby on Rails
12     Hacme Bank 2.0                                  ASP.NET (2.0)
13     Updated HackmeBank                              ASP.NET (2.0)
14     Hacme Books                                     J2EE
15     Hacme Travel                                    C++ (application client-server)
16     Hacme Shipping                                  ColdFusion MX 7, MySQL
17     OWASP WebGoat                                   JAVA
18     OWASP Vicnum                                    PHP, Perl
19     OWASP InsecureWebApp                            JAVA
20     OWASP SiteGenerator                             ASP.NET
21     Moth
22     Stanford SecuriBench                            JAVA
23     SecuriBench Micro                               JAVA
24     BadStore                                        Perl (CGI)
25     WebMaven/Buggy Bank (very old)
26     EnigmaGroup (live)
27     XSS Encoding Skills – x5s (Casaba Watcher)
28     Google – Gruyere (live) (previously Jarlsberg)
29     Exploit-DB                                      Multi-platform
30     The Bodgeit Store                               JSP
31     LampSecurity                                    PHP
32     hackxor                                         Perl (CGI)
33     OWASP – Hackademic                              PHP
34     Exploit.co.il-WA                                PHP